Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Switch to a recent version of a supported Jsch fork (#711)
The version of JSch bundled in the plugin has not been maintained in a few years so has not kept up-to-date with newer cryptographic keys, ciphers, and signatures. This causes challenges for users attempting to use Git with configuration using up-to-date cryptographic recommendations, as the library only supports SHA1 signatures for RSA which distributions like OpenSSH have stopped supporting. The JSch implementation has been switched to an actively maintained fork and an up-to-date version of BouncyCastle included in the dependencies to ensure elliptic curves and recent cipher suites are available. The existing RemoteRejectionTest has been altered to use public key authentication and an up-to-date container running a recent version of OpenSSH to allow realistic connectivity testing of remote Git over SSH connections. As the Jsch distribution is a multi-version JAR including Java 16 class files, the plugin has had to be updated to Gradle 7 as the ASM version used in Gradle 6 is not compatible with Java 16 classes.
Showing 9 changed files with 241 additions and 299 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,13 @@ | ||
FROM jkarlos/git-server-docker | ||
FROM rockstorm/git-server:2.43 | ||
|
||
RUN passwd -d git \ | ||
&& sed -i 's/^PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config \ | ||
&& echo "PermitEmptyPasswords yes" >> /etc/ssh/sshd_config \ | ||
&& ls /etc/init.d \ | ||
&& mkdir -p repos \ | ||
&& git init --bare repos/rejecting-repo \ | ||
&& echo -e "#!/bin/sh\necho 'I reject this push!' >&2\nexit 1" > repos/rejecting-repo/hooks/pre-receive \ | ||
&& chmod +x repos/rejecting-repo/hooks/pre-receive \ | ||
&& sh /etc/init.d/sshd restart | ||
RUN mkdir -p /srv/git/repos/rejecting-repo \ | ||
&& mkdir -p /home/git/.ssh \ | ||
&& echo -e "ssh-rsa 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 user@host" >> /home/git/.ssh/authorized_keys \ | ||
&& chown -R git:git /home/git/.ssh \ | ||
&& chmod 700 /home/git/.ssh \ | ||
&& chmod 600 /home/git/.ssh/authorized_keys \ | ||
&& git init --bare /srv/git/repos/rejecting-repo \ | ||
&& echo -e "#!/bin/sh\necho 'I reject this push!' >&2\nexit 1" > /srv/git/repos/rejecting-repo/hooks/pre-receive \ | ||
&& chmod +x /srv/git/repos/rejecting-repo/hooks/pre-receive | ||
|
||
CMD ["sh", "start.sh"] | ||
CMD ["/usr/sbin/sshd", "-D"] |
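Review bot: the `authorized_keys` line in the new `RUN` step installs a fixed `ssh-rsa` public key labelled only `user@host`, with nothing saying where the matching private key lives or that the pair exists for tests only. Add a Dockerfile comment naming the test resource that holds the private key and stating that it must not be reused anywhere else. The commit message gives elliptic-curve support as a reason for the switch, but an RSA entry alone only exercises RSA signatures, so a second `authorized_keys` entry with an elliptic-curve key would let RemoteRejectionTest cover that path as well. Separately, `FROM rockstorm/git-server:2.43` pins the base image by tag; pinning by digest would keep the test container reproducible if the tag is republished.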
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
distributionBase=GRADLE_USER_HOME | ||
distributionPath=wrapper/dists | ||
distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.1-bin.zip | ||
distributionUrl=https\://services.gradle.org/distributions/gradle-7.0-bin.zip | ||
zipStoreBase=GRADLE_USER_HOME | ||
zipStorePath=wrapper/dists |
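Review bot: `distributionUrl` now points at `gradle-7.0-bin.zip`, but the five lines of this file contain no `distributionSha256Sum` entry, so the wrapper downloads the new distribution without verifying it. Add a `distributionSha256Sum=` line with the checksum published for this distribution in the same change as the URL bump.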